Apple has slapped another patch on its QuickTime media player to plug two serious security vulnerabilities.
The QuickTime 7.1.6 update, available for both Mac and Windows users, addresses a pair of implementation flaws in QuickTime for Java, the architecture that provides APIs for developers to build multimedia into applications and applets.
The more serious of the two flaws could allow code injection attacks if a user is tricked into browsing to a malicious Web page.
The bug, reported by researchers from IBM ISS X-Force and Secunia, could allow instantiation or manipulation of objects outside the bounds of the allocated heap. “By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution,” Apple said in an advisory.
The second flaw is a design issue in QuickTime for Java that could allow a Web browser’s memory to be read by a Java applet.
“By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to the disclosure of sensitive information,” Apple said.